You Can't Escape Data Surveillance In America

tadamichi/Shutterstock.com

The Fair Credit Reporting Act was intended to protect privacy, but its provisions have not kept pace with the radical changes wrought by the information age.

In America, surveillance has always played an outsized role in the relationship between creditors and debtors. In the 19th century, credit bureaus pioneered mass-surveillance techniques. Today, the American debtor faces remote kill switches in their devices, GPS tracking on their leased cars, and surreptitious webcam recordings from their rent-to-own laptops. And where our buying and borrowing habits were once tracked by shopkeepers, our computers score our creditworthiness without us knowing.

The most egregious privacy violations have been punished either by the Federal Trade Commission, or answered with massive class-action lawsuits. But surveillance, tracking, and data collection continues to proliferate. The law has not yet met the challenge of protecting consumers.

The capabilities of today’s technology might be unprecedented, but the quandary is an old one. The ways our financial data gets collected and used today is reminiscent of the state of affairs that led to the Fair Credit Reporting Act of 1970.

The American experience of mass surveillance started with commercial credit bureaus in the 1800s, which employed spies across the country to maintain dossiers of the personal habits of “men of trade”—where they went to church, who they slept with, whether they drank or gambled. Consumer credit reporting agencies followed, after the Civil War, expanding these practices beyond men of trade, to anyone who wanted to buy anything. The information collected by these bureaus was used by retailers, public utilities, landlords, and even law enforcement.

Because the American credit reporting system relies on both good and bad reports of creditworthiness, a consumer must have some kind of credit—not just the absence of bad credit. (In some countries, the lack of a credit report can establish good credit).

“The American system, on other hand, relies on total surveillance,” writes Chris Jay Hoofnagle in his primer on privacy law and the Federal Trade Commission.

From the end of the Civil War to the mid-20th century, the breadth and detail of information collected by the reporting agencies only increased. Control over the access to that information, however, did not seem to keep up.

“People do not realize, for example, that their own credit files are accessible to virtually anyone who understands the workings of credit bureaus and has a few dollars to spend on a report,” said one study in 1969. And those credit reports contained personal information ranging from the deeply prejudicial to the utterly inane.

The reports were compiled using information from retailers, from the public record (court records, newspaper clippings), and from interviews with friends and neighbors.

In 1972, a Senate aide testified before a committee about the type of information that was collected by the automobile insurance industry: “If they, in any way, have some deviant behavior characteristics, they wear pink shirts, or have long hair and a mustache, they read Karl Marx … They can look in your library and see what books you read, what magazines you subscribe to…”

It was no wonder, then that Congress enacted the Fair Credit Reporting Act in 1970, to be enforced by the Federal Trade Commission and by private litigants through a civil cause of action. According to Hoofnagle, FCRA is “America’s first federal consumer information privacy law and one of the first information privacy laws in the world.”

Today, FCRA is still at the forefront of fighting privacy violations—but the transition to the new frontier of digital privacy has not been a smooth one. In the '70s, FCRA looked like a white knight charging into the dragon of credit reporting. Today, it sometimes more closely resembles Don Quixote tilting at windmills.

FCRA, after all, assumes that the problem is inaccurate information. (And in all fairness, many Americans have low credit due to false information on their reports). It also imposes duties on credit reporting agencies to keep information from being carelessly disclosed. But people don’t object to spying on the grounds that the secret dossier about them might be full of errors. They object to spying because it’s spying.

A FCRA case still pending at the Supreme Court illustrates this tension. In Spokeo v. Robins, Thomas Robins initiated a class-action lawsuit against “people search engine” Spokeo, because it gave out information “indicating that he has more education and professional experience than he actually has, that he is married (although in fact he is not), and that he is better situated financially than he really is.”

There are probably a lot of people who think Spokeo is creepy and should be regulated. The number of people who think Spokeo is creepy and should be regulated because it made Thomas Robins look better off than he actually is, is likely vanishingly small.

It’s not always clear whether data brokers like Spokeo are consumer reporting agencies for the purposes of FCRA. The Federal Trade Commission certainly thought so in 2012, pointing to how Spokeo marketed its information to “human resources professionals, job recruiters, and others as an employment screening tool.”

The Spokeo website now displays a disclaimer that specifically says its information “cannot be used for FCRA purposes,” but a disclaimer by itself can’t ward away class action lawsuits. To the attorneys for Thomas Robins, Spokeo is a consumer reporting agency in everything but name.

According to a Supreme Court brief written by Spokeo’s lawyers, the service “aggregates publicly available information regarding individuals from phone books, social networks, marketing surveys, real estate listings, business websites, and other sources into a database that is searchable via the Internet using an individual’s name, and displays the results of searches in an easy-to-read format.”

Others see the service differently. “Meet the Stalkers,” is the headline for one article about data brokers. “Did my rapist find me on Spokeo?” asks an anonymous poster on Jezebel.

Data brokers in general pose a threat to victims of domestic violence and targets of stalking, enough that the National Network to End Domestic Violence offers a guide to data brokers. The problem isn’t new. In the early 2000s, the estate of Amy Lynn Boyer sued online investigation service Docusearch, after it provided information on Boyer’s whereabouts to her stalker. (The stalker shot Boyer and then shot himself).

Whether or not specific data brokers today are covered by FCRA, they are a modern-day echo of the bureaus that gave rise to FCRA in the first place. FTC has successfully gone after data brokers under FCRA for millions of dollars in judgments. It’s a far cry from the “wrist-slap” penalties in many electronic privacy cases the agency takes on.

In the Detective Mode case—where rent-to-own stores turned on webcams on laptops and took photos of the renters without their consent—the settlement essentially banned the stores from spying on its customers anymore.

In comparison, extracting a combined $1.6 million from Equifax and other companies for selling and buying lists of consumers who were late on mortgage payments looks like a big deal, until you realize Equifax alone reports $2.66 billion in revenue per year.

No wonder FTC doesn’t seem to have had much of a chilling effect on the collection or sale of data about people.

Where the agency’s limitations stop FTC from going any further, the private sector has stepped in, producing a rip-roaring industry of class-action lawsuits litigated by attorneys that Silicon Valley views as “leech[es] tarted up as freedom fighter[s].

The stated issue in Spokeo is whether a plaintiff can sue under laws like FCRA without showing actual harm. But the subtext is whether or not the Supreme Court will continue to tolerate these kinds of lawsuits. Liberal justices like Kagan and Sotomayor might say yes; justices like the deceased Antonin Scalia, who openly despised the class action plaintiffs’ bar, would say no.

The effect of letting someone sue without showing harm is obvious: It makes it really easy to sue. If you see the world in terms of privacy-invading behemoths that need to be slapped down by buccaneering class action attorneys, then that’s a good thing. But if you see a pack of over-litigious lawyers squeezing settlements out of Silicon Valley as the real villains, then of course it’s a bad thing.

Yet, when it comes to privacy invasion, it’s difficult to show real life injury. LinkedIn leaks your password to the world. You change all your passwords, and so nothing happens. So what? Tracking links monitor your web activity. Someone at the other end collects that information, files it away, and never does anything with it. So what? Having to show harm, or not having to show harm, can make or break an entire genre of lawsuits.

But is this type of litigation actually doing any good? It’s a controversial question, for which there is no easy answer. Squint at these lawsuits from one angle, and you’ll see a privatized regulatory system that keeps data monsters in check. Squint at them from another angle, and all you see is a flock of vultures in suits, picking away at deep-pocketed tech companies.

We peer into a future where our software spies on usour data defines us, and our hardware reinforces existing power imbalances. What’s slowing it down are a federal agency whose remedies often feel unsatisfactory, and a cohort of attorneys whose motivations are of course capitalistic. And while it’s tempting to simply call for more federal intervention, paternalistic impulses sometimes harm the most vulnerable among us.

Regardless, the status quo is not enough. Before FCRA, the credit reporting industry was limited mostly by the technologies they had access to. The bureaus could compile dossiers and accumulate lifetimes of information, but they couldn’t run algorithms on the entirety of this data. And in 1969, the “systematic collection” of information about people from newspapers and court records was “expensive and time-consuming,” whereas today data about people can be scraped automatically from the Internet.

Combined with new forms of financial control over subprime borrowers exercised via the cars and devices they buy, creditors have at their fingertips a web of technological control over debtors. If left unchecked, the future of financial surveillance looks dark. If FCRA trimmed back the worst excesses of the last century of financial surveillance, perhaps it’s time to look to something similar, before it’s too late.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.